If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

i think it's possible to create a memory resident program that intercepts the Environ call and feeds it's own value instead of the real username. doing it directly though is much harder to spoof without rewritting the windows API

If you're that worried about security then you'd be a fool to be only using the username as a method of authentication.

Ive always felt that its perfectly acceptable, in a managed network environment to use the windows logon within Access. why?
the user has already authenticated themselves to the network usign the network logon, so there is no need to reauthenticate or request passwords. If the data is heal don a central server, then if the network is down, then its unlikely they can access remote data aswell. The only time this has been a problem is when the users want to use local data as well as remote...

besides which its the preferred route these days on a SQL installation

side advantages are
..your users do not have to create yet another user ID & password combination, they don't have to change their Access / Data password periodically.. its very difficult to force a password change within access. its a piece of proverbiual under the network
..you dont have to worry if the user has created a sensible password (ie mix of numbers, letters etc).. thats handled by the network logon.
..its very difficult for the average corporate hacker / (ab)user to break such a password.. Access security is OK, but I wouldn't want to use it to store sensitive data.
...when your network admins update the Office installaiton they undoubably will nuke the settings, meaning that users may well loose their system.mdw
...errant users/developers wont nuke settigns in the workgroup file that could casue serious problems.. Ive seen people take out other settigns /users as they weren't required for thier application.
you can if you wish implemement a userid /ip address / machine name compbination vettign scheme if required

but the biggest reason in my books is its transparent..the user doens't even need to see they have been authenticated.. it easier for them (no more extra bits of passwords. How often have you found the little black book adjacent to the workstation, or post it notes all over the monitor with all the userid/password combinations for each system the user has access to.

Ive always felt that its perfectly acceptable, in a managed network environment to use the windows logon within Access. why?
the user has already authenticated themselves to the network usign the network logon, so there is no need to reauthenticate or request passwords.

That was sort of my point. In the environments I've developed in too, fairly stringent authentication was already in place just to access the network, so the use of faking the Environ$ would be pretty feeble anyway.